<-- Back

Marketplace component submission declined due to prohibited or high-risk license

Issue

A Marketplace component submission was declined because the automated vulnerability/compliance scan flagged a prohibited or high-risk license. The documentation referenced during the decline process covers open-source software (OSS) licenses, raising questions about whether paid or partner licenses are also subject to the same compliance scan and what the requirements are for submitting components that use paid partner licenses.

Environment

Mendix Portal

Cause

All submitted Marketplace components are automatically scanned by the Quality & Security Management (QSM) vulnerability and compliance scanning tool. Currently, custom licenses are not recognized as approved exceptions by QSM. As a result, some custom or paid partner licenses are incorrectly classified as High Risk OSS licenses, triggering an automatic decline of the component submission.

At present, there is no exception mechanism available in either QSM or the Marketplace submission process to prevent these licenses from being automatically flagged and declined.

Solution/Workaround

If a Marketplace component submission is declined due to a prohibited or high-risk license, follow these steps:

  1. Review the decline notification and identify which license triggered the flag.

  2. If the component uses a paid or proprietary partner license, ensure that the license is correctly declared during the submission process as a proprietary license (not an OSS license).

  3. Refer to the Mendix Marketplace submission guidelines for proprietary and paid licenses to ensure all requirements are met before resubmitting.

  4. If the submission continues to be declined despite a correct license declaration, contact Mendix Support so the marketplace team can manually review and approve the component.

  5. When submitting the same module for multiple Mendix versions (e.g., Mendix 9 and Mendix 11), follow the same submission and license declaration process for each version. If the license is correctly declared, the submission should not be declined again; however, if issues persist, contact Mendix Support for assistance.

Internal information related

  • 280564
  • C01CJBH06RW/p1781091376385609
  • The #marketplace team needs to be contacted to approve the component.

Additional information

Have more questions? Submit a request

0 Comments

Article is closed for comments.

To provide feedback, please open a ticket here. Don't forget to include the article's URL along with the feedback you would like to provide.